
Past Articles

Here we collect and archive articles that were featured in our past newsletters.

Original newsletters gathered here.

May 22nd Newsletter Content [Original Newsletter]

Subject: IPMeter- May 22, Imron, Identity Theft, Blockchain, Jailed for Hacked video cameras, Market Trends, (HOTw) Chrome Zero Day

IMRON Security Conference 5 June 2024

IMRON Corporation is hosting a Security and Safety Summit on June 5th, 2024 at SoFi Stadium (Inglewood, near LAX). Speakers, experts, and vendors will be present and covering topics including physical and cyber security. Speakers include Steve Kiss, #IPMeter

I will be presenting at this event. More info to follow. I met this week with the panel. Looking forward to sharing the stage with some good folks! If you need tickets, give me a DM - I know a guy.

[Click for Event Details]

[Flyer for Event (PDF)]

Identity Theft and Employment Fraud: A National Security Concern

The arrest of Christina Chapman in Arizona, accused of facilitating North Korean nationals in obtaining U.S. jobs through identity theft, highlights a significant cybersecurity breach. The scheme, active since October 2020, exploited stolen identities to generate nearly $7 million, potentially aiding North Korea's weapons program. Chapman managed a network of remotely operated laptops to obscure the true locations of the IT workers she assisted, charging them fees for her services. This case underscores the urgent need for improved cybersecurity measures and stringent identity verification processes in the remote work era. #IdentityTheft #RemoteWorkSecurity #NationalSecurity For expert advice on enhancing your cybersecurity, contact us at newsletter@ipmeter.net.

The revelation of Christina Chapman's involvement in aiding North Korean nationals through identity theft underscores a significant vulnerability within the remote work landscape. The ability of these actors to manipulate employment systems and funnel significant funds to a hostile regime is alarming. It is imperative that U.S. companies and government agencies adopt more rigorous identity verification and cybersecurity protocols to prevent such breaches. Furthermore, this incident illustrates the broader national security risks posed by insufficient cybersecurity measures in the private sector. As remote work becomes increasingly prevalent, addressing these vulnerabilities is critical to safeguarding both economic interests and national security. #CyberSecurity #IdentityProtection #RemoteWorkRisks #NationalDefense #DataSecurity

[Click for Article]

Blockchain Technology: A Game Changer for Cybersecurity

In the face of escalating cyber threats, blockchain technology emerges as a key solution for enhancing cybersecurity. Its decentralized and immutable nature offers significant protection against data breaches, phishing attacks, and ransomware. Blockchain's ability to decentralize data storage and secure communications fortifies defenses against cyber threats. Additionally, it enhances identity management and improves IoT security. However, challenges such as scalability and regulatory compliance need to be addressed for broader adoption. #CyberSecurity #Blockchain #DataProtection #IoTSecurity For insights on implementing blockchain for cybersecurity, contact us at newsletter@ipmeter.net.


The rising tide of cyber threats necessitates advanced cybersecurity measures, and blockchain technology presents a formidable solution. By decentralizing data and ensuring its immutability, blockchain reduces the risk of cyber intrusions. Its applications in securing communications, enhancing identity management, and fortifying IoT devices offer a holistic approach to cybersecurity. Despite challenges in scalability and regulatory compliance, the potential of blockchain to revolutionize cybersecurity is substantial. Embracing blockchain technology is essential for organizations to protect their digital assets and secure their operations. #BlockchainTech #CyberDefense #DataSecurity #FutureTech #DigitalInnovation

[Click for Article]

Cybersecurity Expert Jailed for Selling Videos from Hacked Smart Home Cameras

A 41-year-old Korean cybersecurity expert has been sentenced to four years in prison for hacking wallpad cameras in 400,000 homes and selling private videos. He accessed 638 apartment complexes, exploiting smart home devices for video security. Despite claiming he aimed to highlight security flaws, the court noted his intent to profit from the stolen footage. He must also complete a sexual crime prevention program and faces a four-year employment ban in related sectors. #CyberSecurity #PrivacyInvasion #SmartHomeDevices #Hacking For further details on securing your smart home devices, contact us at newsletter@ipmeter.net.


This case starkly illustrates the privacy vulnerabilities of smart home devices. The cybersecurity expert's ability to hack into 400,000 homes and sell intimate footage reveals serious security flaws. It underscores the urgent need for robust cybersecurity measures and heightened awareness among users. Manufacturers must prioritize security to prevent such breaches, and users should take proactive steps to safeguard their privacy. This incident serves as a critical reminder of the potential risks of smart home technology. #PrivacySecurity #CyberAwareness #SmartHomeSafety #DataProtection

[Click for Article]

IoT Security Market Statistics - 2026: A Growing Opportunity for Investors and Workers

The IoT security market, valued at $8,472.19 million in 2018, is projected to grow to $73,918.82 million by 2026, with a CAGR of 31.20%. Factors driving this growth include the increase in ransomware attacks on IoT devices, rising IoT security regulations in developing economies, and growing malware and phishing threats. Despite challenges like budget constraints and high costs, the market is expected to benefit from the increasing need for IoT security solutions and their adoption in developing countries. The energy and utility sector was the dominant market segment in 2018, with the IT and telecom sector anticipated to experience significant growth. For further information and market analysis, contact us at newsletter@ipmeter.net.


The forecasted growth of the IoT security market underscores its critical importance in protecting interconnected devices from cyber threats. This sector's expansion is a prime opportunity for investors looking to capitalize on the rising demand for cybersecurity solutions. Professionals in the cybersecurity field can also look forward to increased job opportunities and the need for specialized skills to address these challenges. As IoT devices become more ubiquitous, the emphasis on securing these networks will only intensify, making this a pivotal area for investment and career growth. #IoTSecurity #CyberThreats #InvestmentStrategy #FutureTech

[Click for Article]

Hack of the Week (HOT-W)

Emergency Chrome Update Fixes Third Zero-Day Vulnerability in a Week

Google has released an emergency security update for Chrome to address the third zero-day vulnerability exploited in attacks within a week. The high-severity vulnerability (CVE-2024-4947), caused by a type confusion weakness in the V8 JavaScript engine, was reported by Kaspersky researchers. This flaw, actively exploited in targeted attacks, can lead to arbitrary code execution on affected devices. Users are urged to update Chrome immediately to protect against these vulnerabilities. #ChromeUpdate #CyberSecurity #ZeroDay #GoogleChrome For more information on the latest security updates, contact us at newsletter@ipmeter.net.

The release of an emergency Chrome update to fix three zero-day vulnerabilities in a week underscores the critical importance of timely software updates for cybersecurity. The high-severity nature of CVE-2024-4947, which can lead to arbitrary code execution, highlights the persistent threats posed by zero-day exploits. Users must act swiftly to update their browsers, ensuring their devices are protected against these sophisticated attacks. It is also crucial for organizations to maintain robust patch management practices to safeguard their systems from emerging vulnerabilities. #CyberSecurity #ZeroDayThreats #ChromeSecurity #UpdateNow #DigitalSafety

[Read the HOT-W]


May 9th Newsletter Content [Original Newsletter]

Subject: IPMeter- May 8, Imron, Water Protection, Eken Doorbell Camera Fix, Water Attacks, Automotive Spyware, (HOTw) Cuttlefish


Urgent Warning: Cyber Attacks Targeting US Water Facilities

The escalation of cyber attacks against critical US infrastructure continues as Russia joins Iran and China in targeting water facilities. Vulnerabilities in operational technology (OT) pose significant risks, with state-sponsored actors aiming to disrupt water supplies and compromise energy reliability. A joint advisory from US government agencies, the UK's National Cyber Security Center, and Canada's Center for Cyber Security highlights the grave threat posed by unsecured OT devices. While recent attacks by Russia-linked groups have resulted in only minor disruptions, there is a growing concern about the potential for malicious actors to gain significant control over OT environments. Learn more about the evolving cyber threat landscape and measures to safeguard critical infrastructure. #Cybersecurity #CriticalInfrastructure #OTSecurity #Russia At IPMeter, we understand the importance of protecting critical infrastructure from cyber threats. Contact us at newsletter@ipmeter.net to discover how we can enhance your cybersecurity posture.

The recent wave of cyber attacks targeting US water facilities underscores the urgent need for robust cybersecurity measures. The ability of threat actors to exploit vulnerabilities in OT devices highlights the critical importance of securing critical infrastructure. While manual controls provide some level of mitigation, proactive measures are essential to prevent potentially catastrophic outcomes. The joint advisory's recommendations for OT vulnerability mitigation serve as a valuable resource for enhancing security resilience. It is imperative for organizations to prioritize cybersecurity investments and collaborate with government agencies to defend against evolving threats. #Cybersecurity #CriticalInfrastructureProtection #ThreatMitigation #Collaboration

[Click for Article]

Update: Security Issues Resolved in Eken Doorbell Cameras

Eken Group has addressed significant security vulnerabilities in its budget doorbell cameras with a recent firmware update, following a Consumer Reports investigation earlier this year. Originally flagged for exposing sensitive data like home IP addresses and allowing unauthorized access to camera feeds, the cameras now boast firmware version 2.4.1 or higher, indicating the security patch. Consumer Reports confirms the update resolves the issues, prompting the removal of warning labels. While some models have been discontinued, Eken pledges to adhere to FCC labeling requirements for future products. Stay protected by ensuring your device is updated. #Eken #DoorbellCameras #SecurityUpdate #ConsumerReports #FirmwareUpdate At IPMeter, we prioritize security to safeguard against vulnerabilities in IoT devices. Contact us at newsletter@ipmeter.net to explore how our solutions can enhance your cybersecurity posture.


The response by Eken Group to address security flaws in its doorbell cameras underscores the critical importance of proactive security measures in consumer electronics. By promptly issuing firmware updates, Eken has demonstrated a commitment to user safety and data protection. However, this incident highlights the pervasive risks associated with IoT devices and the imperative for manufacturers to prioritize security in product development. Moving forward, continued vigilance and collaboration between consumers, regulators, and industry stakeholders are essential to mitigate emerging threats and uphold consumer trust. #IoTSecurity #DataProtection #ConsumerSafety #FirmwareSecurity

[Click for Article]

Why US utilities such as water utilities are easy targets and nobody cares

Recent Russian-linked cyberattacks on U.S. water utilities spotlight a longstanding vulnerability within the sector. Despite the critical nature of utilities infrastructure, factors such as profit-centric priorities, understaffing, and outdated equipment contribute to heightened susceptibility to cyber threats. Alan Woodward, a cybersecurity expert, underscores the industry's emphasis on cost over security, exacerbated by legislative gaps in mandating cybersecurity standards. In contrast to the U.S., countries like the U.K. proactively assess and secure service providers, highlighting disparities in regulatory frameworks. The sector's reliance on aging infrastructure further complicates defense efforts, creating a fertile ground for potential exploitation. While increased spending post-attack offers temporary respite, sustained cybersecurity investments remain imperative to safeguarding national infrastructure. #Cybersecurity #UtilitiesSector #USInfrastructure #CyberAttacks #RegulatoryFramework At IPMeter, we advocate for robust cybersecurity measures to protect critical infrastructure. Contact us at newsletter@ipmeter.net to learn how our solutions can fortify your defenses.


The susceptibility of U.S. utilities to cyberattacks underscores systemic vulnerabilities that demand urgent attention. The sector's profit-driven approach, coupled with inadequate staffing and outdated infrastructure, fosters an environment ripe for exploitation. Regulatory inertia further exacerbates the situation, leaving utilities ill-equipped to confront evolving threats. To mitigate risks effectively, a paradigm shift is imperative—prioritizing cybersecurity as a strategic imperative rather than a cost burden. Moreover, proactive collaboration between industry stakeholders and government agencies is essential to establish robust defense mechanisms. Failure to address these vulnerabilities not only jeopardizes national security but also undermines public trust in critical infrastructure resilience. As cyber threats evolve, investing in comprehensive security frameworks is not just a choice but a necessity for safeguarding our collective interests. #CriticalInfrastructure #CybersecurityStrategy #RegulatoryReform #PublicTrust #NationalSecurity

[Click for Article]

GM gives driving information to insurance companies; user's rate jumps 20%; Nissan even worse.

The convergence of technology and automobiles presents a new frontier of privacy challenges for drivers, as highlighted by recent developments in auto insurance and data collection practices. A report reveals a significant increase in insurance premiums due to data transmitted from vehicles to insurers, exemplified by a Seattle resident's 21% rate hike attributed to General Motors' OnStar Smart Driver program. Moreover, manufacturers' data policies, such as Nissan's allowance for the collection of sensitive personal information, underscore the potential intrusion into drivers' privacy. Unlike protections afforded to smartphone data, the information gathered by cars remains largely unregulated, exposing users to surveillance and unwarranted disclosures to law enforcement. These revelations necessitate proactive measures to safeguard personal information and reclaim control over vehicle data sharing practices. #AutoInsurance #PrivacyConcerns #DataCollection #RegulatoryGaps #PersonalDataProtection


The proliferation of data-gathering capabilities in modern vehicles poses a significant threat to individual privacy rights and personal autonomy. The revelation of soaring insurance premiums driven by vehicle data underscores the urgent need for regulatory intervention to establish comprehensive safeguards against unwarranted surveillance and exploitation. Manufacturers must adopt transparent data policies and provide users with meaningful consent mechanisms to empower informed decision-making. Additionally, drivers should leverage resources such as the Electronic Frontier Foundation's guide to assess and mitigate data risks effectively. Empowering individuals to assert control over their data is paramount in countering the erosion of privacy in an increasingly connected automotive landscape. As custodians of consumer trust, automakers bear a responsibility to prioritize user privacy and accountability in data collection practices. #PrivacyRights #DataSecurity #RegulatoryReform #ConsumerEmpowerment #DigitalPrivacyAwareness

[Click for Article]

Hack of the Week (HOT-W)

Alert: New Malware 'Cuttlefish' Threatens Router Security

A dangerous new malware dubbed 'Cuttlefish' is targeting enterprise-grade and small office/home office (SOHO) routers, posing a significant threat to data security. Identified by Lumen Technologies' Black Lotus Labs, Cuttlefish operates by creating a proxy or VPN tunnel on compromised routers to stealthily exfiltrate data, circumventing traditional security measures. The malware, active since at least July 2023, has been observed primarily in Turkey but has also impacted satellite phone and data center services globally. With capabilities to perform DNS and HTTP hijacking, Cuttlefish can intercept sensitive information, including usernames, passwords, and tokens associated with cloud-based services. To safeguard against this pervasive threat, organizations are urged to strengthen router security, monitor network traffic, and regularly update firmware. #Malware #Cybersecurity #RouterSecurity #DataProtection

The emergence of the 'Cuttlefish' malware underscores the critical need for enhanced router security measures to combat evolving cyber threats. By exploiting vulnerabilities in routers, threat actors can compromise sensitive data and disrupt business operations with devastating consequences. The proactive detection and mitigation of malware attacks are paramount to safeguarding organizational assets and maintaining data integrity. Moreover, collaborative efforts between cybersecurity experts and industry stakeholders are essential to develop robust defense strategies against emerging threats like Cuttlefish. As cyber adversaries continue to evolve their tactics, it is imperative for organizations to stay vigilant and prioritize cybersecurity investments to mitigate risks effectively. #CyberDefense #ThreatMitigation #CyberResilience #RouterProtection

[Read the HOT-W]


April 25th Newsletter Content [Original Newsletter]

Subject: IPMeter- April 25, Imron, (UK/EU) IoT Security, Attacks, PTZsled, Ubuntu Pro IoT, (HOTw) Hotel kiosk exploit


Congress Requests briefing from DHS on Protection of U.S. Water Facilities post Texas attack

Recent reports of a cyberattack on a United States water facility in Muleshoe, Texas, allegedly orchestrated by a Russian government-affiliated cyber group, have raised concerns about the security of our nation's critical infrastructure. In response, Members of Congress have requested a briefing from Secretary Mayorkas to discuss the protections already in place and additional measures needed to safeguard water facilities and other critical infrastructure from adversary disruption. Learn more about the implications of this cyberattack and the importance of securing our water resources. #HomelandSecurity #Cybersecurity #InfrastructureProtection

At IPMeter, we are committed to supporting critical infrastructure with robust tools and services to ensure security, reliability, and availability. Reach out to us at newsletter@ipmeter.net to schedule a demo.

Secretary Mayorkas must take decisive action to strengthen protections for our nation's water facilities and collaborate closely with local officials and international allies to mitigate future threats. It is imperative that we learn from previous incidents and implement comprehensive strategies to defend against cyber threats to our critical infrastructure. This means a 100% requirement for local vulnerability testing, performed quarterly. #Cybersecurity #InfrastructureProtection #NationalSecurity #ipmeter

[Click for Article (pdf)]

Alert: D-Link NAS Device Vulnerabilities Exposed (again??)

Recently disclosed vulnerabilities in D-Link network-attached storage (NAS) devices have raised concerns as attack attempts surge. Two vulnerabilities, CVE-2024-3272 and CVE-2024-3273, allow unauthenticated attackers to compromise certain D-Link NAS models. Despite D-Link's advisory, which recommends replacing affected devices, the lack of patches for end-of-life products leaves customers vulnerable. Exploitation attempts have increased significantly, with over 150 IPs detected targeting these vulnerabilities. Some attacks are linked to Mirai-like botnets, raising fears of potential DDoS threats. The US cybersecurity agency CISA has added the vulnerabilities to its Known Exploited Vulnerabilities catalog, urging government agencies to address them promptly. Learn more about the escalating threat posed by these vulnerabilities. #Cybersecurity #DLink #Vulnerabilities #CISA At IPMeter, we prioritize security and offer solutions to protect against emerging threats. Contact us at newsletter@ipmeter.net to learn how we can help safeguard your network infrastructure.

The surge in exploitation attempts targeting D-Link NAS vulnerabilities raises an interesting question for those writing IoT standards. Let's face it, at home most of us only replace things when they fail. Here is a recommendation I would like to float: in both the US and EU IoT Consumer bills, make manufacturers specify in their spec how long security patches will be available. It's really just extending something that Cisco and others have done for years... EOL, EOA, EOSL, EOSS #Cybersecurity #VulnerabilityManagement #ThreatMitigation #CISA #ipmeter

[Click for Article]

Hack of the Week (HOT-W)

Second Water Treatment hack in a week: Russian Hackers Claim Responsibility for Cybersecurity Attack on Tipton, Indiana Wastewater Treatment Plant

Discover how Russian hackers targeted a wastewater treatment plant in Tipton, Indiana, raising concerns about the security of critical infrastructure. Despite minimal disruption, the incident underscores the urgent need for enhanced #Iotsecurity measures. Learn more about the implications of this attack and the collaborative efforts of state and federal agencies to protect public water supplies. Read the full article here. #CISA #IPMeter At IPMeter, we are serious about protecting critical infrastructure. We provide tools and services to support IoT, IT, and commercial systems in buildings, factories, and plants across the country. We are fanatical about security, reliability, and availability. Reach out to us at newsletter@ipmeter.net to schedule a demo.

This is the second posting on municipal wastewater treatment hacks. While the water supply remained intact, the incident highlights the vulnerability of essential services to malicious actors. It's imperative that we prioritize #Iotsecurity measures and collaborate closely with agencies like CISA to mitigate future threats. At IPMeter, we are committed to supporting critical infrastructure with robust tools and services to ensure security, reliability, and availability. Let's work together to safeguard our nation's vital systems.

[Read the HOT-W]


April 18th Newsletter Content [Original Newsletter]

Subject: IPMeter- April 18, Imron, (UK/EU) IoT Security, Attacks, PTZsled, Ubuntu Pro IoT, (HOTw) Hotel kiosk exploit


UK and EU Introduce New Cybersecurity Requirements for IoT Products

The UK and EU are implementing stringent cybersecurity regulations for consumer Internet of Things (IoT) products, reflecting a global trend toward bolstering the security of internet-connected household items. In the UK, the Product Security and Telecommunications Infrastructure (PSTI) Regulations mandate that IoT products meet minimum security standards, with penalties for noncompliance reaching up to £10 million or 4% of worldwide annual turnover. Manufacturers, importers, and distributors must adhere to various obligations, including ensuring unique passwords, providing points of contact for reporting security issues, and declaring compliance with security requirements. Additionally, the EU is finalizing its Cyber Resilience Act (CRA), which imposes cybersecurity obligations on manufacturers for hardware and software products placed on the EU market. Manufacturers must conduct risk assessments, provide continuous monitoring and software updates, enhance transparency, and report security incidents to national authorities. Importantly, businesses must prepare for compliance with these regulations, recognizing the global significance of cybersecurity standards in an increasingly interconnected world.

The introduction of new cybersecurity regulations in the UK and EU underscores the critical importance of safeguarding internet-connected devices against evolving cyber threats. By mandating minimum security standards and imposing significant penalties for noncompliance, regulators are sending a clear message to manufacturers, importers, and distributors about the imperative to prioritize cybersecurity in product development and distribution. The comprehensive requirements outlined in the PSTI Regulations and the CRA reflect a proactive approach to mitigating cybersecurity risks throughout the supply chain and product lifecycle. However, businesses must be proactive in understanding and implementing these regulations to avoid costly penalties and reputational damage. Furthermore, the global nature of cybersecurity challenges necessitates a coordinated effort among international stakeholders to establish uniform standards and foster collaboration in addressing cyber threats. As IoT devices become increasingly pervasive in everyday life, ensuring their security and resilience is paramount to safeguarding consumer trust and protecting critical infrastructure. Compliance with these regulations is not only a legal obligation but also a strategic imperative for businesses seeking to thrive in the digital economy. #CybersecurityRegulations #IoTSecurity #GlobalCybersecurityStandards

[Click for Article]

Report Highlights Widespread Network Anomalies and Attacks in OT and IoT Environments

Nozomi Networks' latest OT & IoT Security Report reveals that network anomalies and attacks pose significant threats to operational technology (OT) and Internet of Things (IoT) environments, particularly within critical infrastructure sectors. The report, based on telemetry data collected from 25 countries, indicates a 230 percent increase in vulnerabilities in critical production areas, providing cybercriminals with increased opportunities to exploit networks and create anomalies. Network anomalies and attacks accounted for 38 percent of threats in the second half of 2023, with network scanning and TCP flood attacks being the most prevalent. Notably, authentication and password issues saw a 123 percent increase in alerts, underscoring ongoing challenges related to unauthorized access attempts and identity management. The report identifies manufacturing, energy, and water/wastewater sectors as the most vulnerable, with the manufacturing industry experiencing a 230 percent increase in Common Vulnerabilities and Exposures (CVEs). Despite a decline in reported vulnerabilities in some sectors, the prevalence of critical threat activities highlights persistent security challenges. Malicious activity against IoT devices remains a concern, with an average of 712 unique attacks per day observed from July to December 2023. Attackers primarily target IoT devices using standard credentials and employ techniques such as brute force attempts and Remote Code Execution (RCE) to gain access.

The findings of the Nozomi Networks report underscore the urgent need for enhanced cybersecurity measures in OT and IoT environments, especially within critical infrastructure sectors. The significant increase in network anomalies and attacks, coupled with rising vulnerabilities in critical production areas, highlights the evolving threat landscape faced by organizations worldwide. Manufacturers, energy providers, and water/wastewater facilities must prioritize cybersecurity initiatives to mitigate risks and safeguard operational assets against potential disruptions. Implementing robust authentication mechanisms and access controls is crucial in thwarting unauthorized access attempts and protecting sensitive information from compromise. Furthermore, the persistent targeting of IoT devices underscores the importance of implementing strong password policies and regularly updating device firmware to address known vulnerabilities. Security professionals should leverage insights from the report to reassess risk models and develop proactive security strategies tailored to their organization's unique needs. Overall, the Nozomi Networks report serves as a timely reminder of the critical importance of cybersecurity in safeguarding critical infrastructure and underscores the need for continued collaboration and vigilance in combating evolving cyber threats. #CybersecurityThreats #OTSecurity #IoTSecurity

[Click for Article]

STEVE'S BEST TECHNOLOGY FOR VIDEO SURVEILLANCE

Anybody hang off the side of a multistory building to attach a corner mount camera? How many man hours do you plan per camera for this type of exterior mount? It's dangerous for installers and the pedestrian traffic below. This is a great solution to increase safety and reduce the complexity of a rooftop camera installation.

Simplifies installation and makes unnecessary the penetrations needed to mount exterior cameras on rooftops. This becomes very useful when the buildings are leased and the requirements for rooftop penetrations are either too cumbersome or outright disallowed by lease agreements. Bonus is that the kit can be reused on other buildings as needed.

[Click for Product Details]

Canonical Unveils Ubuntu Pro for IoT Devices with Emphasis on Security and Compliance

Canonical has introduced Ubuntu Pro for Devices, a comprehensive solution designed to prioritize security and compliance for IoT device deployments. This initiative promises 10 years of security maintenance for Ubuntu and various open-source packages, along with device management capabilities through Canonical's Landscape tool. Ubuntu Pro ensures that IoT devices receive consistent and reliable security patches from a trusted source, addressing the growing concerns surrounding cybersecurity in the embedded space.

Canonical's recent launch of Ubuntu Pro for Devices marks a significant milestone in the realm of IoT security and compliance. By offering a comprehensive solution that promises 10 years of security maintenance, along with robust device management capabilities, Canonical has set a new standard for ensuring the integrity and safety of IoT deployments.

[Click for Article]

Hack of the Week (HOT-W)

Hotel check-in terminal bug spews out access codes for guest rooms

A self-service check-in terminal used in a German Ibis budget hotel was found leaking hotel room keycodes, and the researcher behind the discovery claims the issue could potentially affect hotels around Europe. (Our guest) discovered that an attacker could input a series of six consecutive dashes (- - - - - -) in place of a booking reference number and the terminal would return an extensive list of room details. Once the dashes were entered, the booking information displayed the cost of the booking and the valid room entry keycodes, along with the room number. It also included a timestamp, which the researchers assumed to be a check-in date – one that may indicate the length of a guest's stay. Even without the exploit using a series of dashes, valid booking references could be found on discarded printouts, necessitating greater security controls embedded in the terminals.

 

That a public-facing kiosk could be compromised so easily speaks volumes about the need to disallow specific functions on any terminal that is used by the public in any public space without a specific 2FA challenge.

At IPMeter, we are serious about protecting critical infrastructure. We provide tools and services to support IoT, IT, and commercial systems in buildings, factories, and plants across the country. We are fanatical about security, reliability, and availability. Reach out to us at newsletter@ipmeter.net to schedule a demo.

[Read the HOT-W]


April 4th Newsletter Content [Original Newsletter]

Subject: IPMeter- April 4, ISC West, Imron, FCC Labeling, Zero Trust, NIST IoT Advisory Board, UK IoT Compliance Deadline, (HOTw) Microsoft CISA CSRB Report

ISC West, April 9-12 (Las Vegas Venetian Expo Center)

ISCWest- Access Control, Alarms, Monitoring, and Video Surveillance at the Venetian next week. Drop me a DM or other if you would like to connect. I will try to post a few times from the show.

I will be attending this event to review the latest from ISCWest. In previous years, I have been doing a lot more as an exhibitor. This year, I am roaming the floor.  Hope to see you there.

[Click for Event Details]

IMRON Security Conference 5 June 2024

IMRON Corporation is hosting a Security and Safety Summit on June 5th, 2024 at SoFi Stadium (Inglewood, near LAX). Speakers, experts, and vendors will be present and covering topics including physical and cyber security. Speakers include Steve Kiss, #IPMeter

I will be presenting at this event.  More info to follow.

[Click for Event Details]

[Flyer for Event (PDF)]

Advancing IoT Security: The FCC's Cybersecurity Labeling Program

The FCC’s groundbreaking cybersecurity labeling program for IoT devices marks a significant step forward in enhancing consumer awareness and protection. This initiative, akin to nutritional labels on food products, aims to provide consumers with transparent information about the cybersecurity features of IoT devices. By leveraging NIST guidelines and offering a U.S. Cyber Trust Mark, this program sets a new standard for IoT device certification, emphasizing transparency and security. See how this initiative could impact vital sectors like energy, healthcare, and manufacturing, mitigating cyber risks and bolstering global collaboration for safer IoT ecosystems. #FCC #IoTSecurity #CyberTrustMark

The FCC’s introduction of a cybersecurity labeling program for IoT devices is a monumental stride towards fortifying our digital landscape. By integrating NIST guidelines and emphasizing flexibility, this initiative addresses the intricate cybersecurity challenges posed by the diverse IoT marketplace. Notably, its potential impact on crucial sectors like energy, healthcare, and manufacturing underscores its significance in safeguarding essential consumer services, and it could be used to bolster commercial trust. Moreover, its global implications could force international collaboration and standardized security norms, fostering a more resilient IoT ecosystem worldwide. As we embrace the interconnected nature of IoT, initiatives like these are paramount in cultivating a security-first mindset and ensuring a safer digital future. #FCC #IoTSecurity #DigitalTransformation

[Click for Article]

Strengthening IoT Security: Embracing Zero Trust to Combat Ransomware Threats

The surge in IoT device usage has led to a corresponding rise in ransomware attacks, prompting urgent action to fortify cybersecurity measures. This article highlights the challenges organizations face in securing their IoT infrastructure, with 93% reporting difficulties. As IoT sensors become prime targets for cyberattacks, the need for robust defenses is paramount. It covers recent malware attacks, including the proliferation of Mirai and Gafgyt botnets, and their devastating impact on various industries. Learn how the FCC and CISA are responding to these threats and delve into strategies for protecting IoT ecosystems in a zero-trust environment. #IoTSecurity #Ransomware #ZeroTrust

In an era marked by the exponential growth of IoT technologies, the escalating threat of ransomware looms large, necessitating a proactive approach to cybersecurity. The market for IoT ransomware tradecraft is booming, with attackers exploiting vulnerabilities to launch sophisticated attacks. The imperative to adopt a zero-trust mindset is clear, with stringent measures such as network traffic monitoring, least privilege access enforcement, and multifactor authentication emerging as vital defenses. By embracing microsegmentation, risk-based conditional access, and AI-driven patch management, organizations can bolster their resilience against evolving threats. As ransomware incidents continue to escalate across critical sectors, it's imperative that businesses prioritize cybersecurity to safeguard their IoT ecosystems and preserve operational continuity. #IoTSecurity #RansomwareDefense #ZeroTrustApproach

[Click for Article]

Advancing IoT Security: Insights from NIST's IoT Advisory Board

Check out the latest developments from the National Institute of Standards and Technology's (NIST) Internet of Things (IoT) Advisory Board, as they refine recommendations aimed at enhancing IoT privacy and security. In a series of virtual meetings, the board discussed policies and strategies to promote IoT adoption while ensuring robust security measures. Collaboration between the IoT Federal Working Group and the ITAB has yielded positive feedback, underscoring the importance of a coordinated approach to IoT governance. The draft report highlights industry challenges, including slow adoption rates, interoperability issues, and workforce shortages, proposing comprehensive recommendations to address these hurdles. Key suggestions include establishing a national IoT strategy, modernizing infrastructure, fostering trust, and expanding the IoT workforce. Emphasizing the need for cybersecurity guidance and data privacy frameworks, the ITAB aims to bolster the resilience of the IoT ecosystem and promote responsible IoT usage. #NIST #IoTSecurity #DataPrivacy

The proactive efforts of NIST's IoT Advisory Board reflect a crucial step towards fortifying IoT security and fostering innovation in the digital landscape. By addressing key challenges such as interoperability and workforce shortages, the ITAB's recommendations lay the groundwork for a more resilient and inclusive IoT ecosystem. Collaboration between government agencies, industry stakeholders, and academia is essential to implementing these recommendations effectively. As IoT continues to permeate various sectors, it's imperative to prioritize data security and privacy by adopting "privacy by design" principles and transparent data-sharing policies. The proposed initiatives, including cybersecurity guidance and workforce development programs, underscore the importance of a holistic approach to IoT governance. Through concerted efforts and strategic investments, we can build a safer and more sustainable IoT infrastructure, unlocking its full potential for societal benefit. #IoTAdvisory #Cybersecurity #DataProtection

[Click for Article]

(UK) Urgency in IoT Security: Compliance Deadline Approaching

In this exclusive article, Michelle Kradolfer, National Manager at Secured by Design (SBD), sheds light on the impending deadline for compliance with the UK's Product Security and Telecommunications Infrastructure (PSTI) Act, scheduled for April 29. The Act mandates manufacturers, distributors, and importers of IoT consumer products to meet minimum-security requirements, ensuring the safety and integrity of connected devices. Michelle emphasizes the Act's significance in addressing IoT vulnerabilities and safeguarding against potential cyber threats. With the deadline looming, she underscores the severe penalties for non-compliance, including hefty fines and forfeiture of stock, signaling the government's commitment to IoT security. Michelle highlights SBD's role in facilitating compliance through the Secure Connected Device accreditation scheme, offering comprehensive assessments and certifications aligned with industry standards. Drawing attention to notable IoT-related incidents, Michelle underscores the critical need for robust security measures to prevent malicious exploitation of connected devices. As IoT adoption continues to surge, ensuring compliance with regulatory frameworks like the PSTI Act is paramount to mitigating cybersecurity risks and fostering consumer trust. #IoTSecurity #ComplianceDeadline #CyberThreats

Look at the way the UK is doing IoT security. The impending deadline for compliance with the PSTI Act underscores the urgency of addressing IoT security challenges and fortifying consumer protection measures. It shows the pivotal role of regulatory frameworks in enhancing the security posture of connected devices. The severe penalties for non-compliance underscore the government's commitment to enforcing stringent security standards and holding stakeholders accountable. SBD's accreditation scheme emerges as a crucial resource for companies seeking to navigate the complexities of IoT compliance effectively. By raising awareness and offering comprehensive assessments, SBD empowers industry players to prioritize security and uphold regulatory requirements. The examples cited in this article highlight the tangible risks associated with IoT vulnerabilities and the imperative for proactive security measures. As IoT continues to reshape industries and drive innovation, regulatory initiatives like the PSTI Act serve as foundational pillars for building a resilient and secure IoT ecosystem. Through collaboration and adherence to best practices, stakeholders can ensure the integrity and trustworthiness of connected devices, safeguarding against emerging cyber threats and promoting a security-first culture. #RegulatoryCompliance #ConsumerProtection #IoTInnovation

[Click for Article]

Hack of the Week (HOT-W)

Microsoft's Security Lapses Enable Chinese Hackers: US Government Review

A scathing review by the US Cyber Safety Review Board (CSRB) blames Microsoft for a series of "avoidable errors" that facilitated Chinese hackers' breach of the tech giant's network and subsequent access to the email accounts of senior US officials. The report, released by a coalition of government and private cybersecurity experts, lambasts Microsoft for failing to adequately safeguard a critical cryptographic key, allowing hackers to forge credentials and gain unauthorized access to Outlook accounts. Describing the hack as "preventable," the report underscores the urgent need for Microsoft to revamp its security culture and practices, given its pivotal role in the technology ecosystem. The breach compromised the email accounts of high-ranking US diplomats, including US Ambassador to China Nicholas Burns and Secretary of Commerce Gina Raimondo, ahead of diplomatic engagements with China. Microsoft acknowledges the findings and pledges to reinforce its security measures, emphasizing ongoing efforts to fortify systems against sophisticated cyber threats. The incident underscores broader concerns about cybersecurity vulnerabilities inherent in widely used software and underscores the imperative for enhanced collaboration between the government and IT service providers to bolster national security interests. #MicrosoftSecurity #CyberSafety #USNationalSecurity

 

The damning review of Microsoft's security lapses underscores the existential threat posed by sophisticated cyber adversaries to national security and underscores the urgent need for robust cybersecurity measures. Microsoft's failure to protect critical communications infrastructure highlights the inherent risks associated with centralization in the technology ecosystem and underscores the imperative for enhanced vigilance and accountability among industry leaders. The breach's impact on diplomatic engagements with China underscores the geopolitical ramifications of cyber-espionage and underscores the need for stringent safeguards to protect sensitive communications. Microsoft's commitment to fortifying its security posture is a step in the right direction, but sustained collaboration and innovation are essential to stay ahead of evolving cyber threats. The US government's call to action for meaningful change in its relationship with Microsoft signals a pivotal moment in the cybersecurity landscape and underscores the collective responsibility to safeguard critical infrastructure and national interests. Moving forward, proactive measures, including robust threat intelligence sharing and comprehensive security audits, are imperative to defend against persistent and sophisticated cyber adversaries. #CybersecurityThreats #GeopoliticalImplications #CollaborativeDefense

[Read the HOT-W]

[Read the CISA Report]


March 29th Newsletter Content [Original Newsletter]

Subject: IPMeter- Mar 29, IMRON Conference, US/EU Standards Convergence, Safeguarding Strategies, Cyber security, (HOTw)  Understanding Unsaflok

IMRON Security Conference 5 June 2024

IMRON Corporation is hosting a Security and Safety Summit on June 5th, 2024 at SoFi Stadium (Inglewood, near LAX). Speakers, experts, and vendors will be present and covering topics including physical and cyber security. Speakers include Steve Kiss, IPMeter

I will be presenting at this event.  More info to follow.

[Click for Event Details]

[Flyer for Event (PDF)]

Aligning US and EU Standards

Good article on aligning technical standards and conformity assessments between the US Cyber Trust Mark and the EU's Cyber Resilience Act (CRA). This article suggests how a mutual recognition agreement (MRA) could streamline transatlantic cooperation, allowing firms to test once and sell in both markets. Join us at IPMeter to stay ahead of the curve in protecting critical infrastructure. #Iotsecurity #cisa #ipmeter #Cybersecurity #InfrastructureSecurity

Aligning technical standards between the US Cyber Trust Mark and the EU's Cyber Resilience Act (CRA) via a mutual recognition agreement (MRA) would streamline transatlantic cooperation, allowing firms to test once and sell in both markets. Join us at IPMeter to stay ahead of the curve in protecting critical infrastructure. #Iotsecurity #cisa #ipmeter #Cybersecurity #InfrastructureSecurity

[Click for Article]

Tackling IoT Security Challenges: Strategies for Safeguarding Connected Systems

Summary: In the world of IoT, security concerns are a problem; this article provides a good overview of the issue. It discusses inadequate security protocols and limited update mechanisms, and it highlights issues like resource constraints, network security weaknesses, and data privacy concerns, offering insights on how to address these challenges head-on. Join the conversation on #Iotsecurity and learn more about safeguarding connected systems. #cisa #ipmeter

The vulnerabilities highlighted, from inadequate security protocols to limited update mechanisms, underscore the urgent need for robust cybersecurity measures across industries like aviation, water treatment, and building management. It's imperative that stakeholders prioritize security standards, embrace innovative update delivery methods, and enhance transparency and consent mechanisms to mitigate risks effectively. Together, through collaboration and vigilance, we can fortify our infrastructure against evolving threats and ensure a resilient future. #Iotsecurity #cisa #ipmeter At IPMeter, we are serious about protecting critical infrastructure. We provide tools and services to support IoT, IT, and commercial systems in buildings, factories, and plants across the country. We are fanatical about security, reliability, and availability. Reach out to us at newsletter@ipmeter.net to schedule a demo.

[Click for Article]

Short article focusing on IoT security strategies.

Good article by Simplex- This article explores the evolving landscape of IoT security, addressing risks and offering best practices. Learn how Simplex Wireless provides cutting-edge solutions to protect your IoT infrastructure. #IoTsecurity #cybersecurity #SimplexWireless

I commend this article for shedding light on critical security practices. The emphasis on regular updates, secure network connections, and comprehensive security policies reflects the proactive approach needed to combat emerging threats. Let's prioritize security and embrace solutions that fortify our digital infrastructure against evolving threats. #IoTsecurity #cybersecurity #SimplexWireless

[Click for Article]

Hack of the Week (HOT-W)

Understanding Unsaflok: Safeguarding Hotel Security

Discover the critical security vulnerabilities in Dormakaba’s Saflok electronic RFID locks, affecting over three million doors across 131 countries. Learn how these vulnerabilities allow attackers to unlock any room in a hotel using forged keycards. This article provides insights into impacted locks, update status, and detection methods, ensuring hotel staff and guests are aware of potential security risks. Stay informed to safeguard against cyber threats. #Unsaflok #HotelSecurity #Cybersecurity

 

I find the revelations about Unsaflok concerning but not surprising. The vulnerabilities underscore the urgent need for robust security measures in hotel lock systems. While Dormakaba has initiated fixes, the extensive update process highlights the challenges in securing widespread deployments. Hoteliers must prioritize security upgrades and implement additional physical locking devices to mitigate risks effectively. Let's leverage this disclosure to enhance hotel security standards and safeguard guest privacy and safety. #Unsaflok #HotelSecurity #Cybersecurity

[Read the HOT-W]


March 21st Newsletter Content [Original Newsletter]

Subject: IPMeter- Mar 21, IMRON Conference, White House, CSA IoT Standards, Cyber security, (HOTw)  Smart Helmet

IMRON Security Conference 5 June 2024

IMRON Corporation is hosting a Security and Safety Summit on June 5th, 2024 at SoFi Stadium (Inglewood, near LAX). Speakers, experts, and vendors will be present and covering topics including physical and cyber security. Speakers include Steve Kiss, IPMeter

I will be presenting at this event.  More info to follow.

[Click for Event Details]

[Flyer for Event (PDF)]

White House issues warning on cyber threats to water and wastewater systems

The White House has issued a new advisory highlighting the persistent threat posed by threat groups from Iran and China targeting US water and wastewater systems. This memo urges operators to review and bolster their cybersecurity practices in the face of ongoing attacks. Recent incidents, including one where an Iranian group disrupted a water facility in Pennsylvania, underscore the potential risks to critical infrastructure. With growing concerns over cybersecurity vulnerabilities in the water sector, organizations are urged to take immediate action to safeguard these essential systems. Stay informed and take action to protect critical infrastructure. #IoTsecurity #CISA #IPMeter

3/20- Another advisory from the White House highlighting cyber risk to water treatment: "In many cases, even basic cyber security precautions — such as resetting default passwords or updating software to address known vulnerabilities — are not in place and can mean the difference between business as usual or a disruptive cyber attack," the White House warned. HEY WAIT, that's what IPMeter identifies. We ship a scanner to your facility, you plug it in and power it on. IPMeter automatically identifies vulnerabilities. It's disappointing that we continue to see municipal water facilities at risk. We have seen bad actors in Israel and more recently Pennsylvania and Florida. Contact us. We are ready to help.

[Click for Article]

Streamlining IoT Security: The Impact of New Standards on Device Selection

The Connectivity Standards Alliance (CSA) has unveiled the IoT Device Security Specification, marking a significant step towards establishing a unified standard for IoT cybersecurity. With IoT devices becoming increasingly ubiquitous, concerns over their vulnerabilities have grown, prompting the need for robust security measures. The new specification aims to simplify the process for manufacturers to demonstrate compliance with international regulations and standards, offering consumers and businesses greater assurance when selecting IoT devices. This development underscores the importance of prioritizing #IoTsecurity and staying informed about evolving standards in the digital landscape. Join us in exploring the implications of these new standards and their potential to enhance cybersecurity across industries.

The fragmented nature of existing IoT security regulations has posed challenges for both manufacturers and consumers, leaving devices vulnerable to exploitation. By consolidating requirements from multiple international standards into a single program, the CSA aims to streamline compliance efforts and empower stakeholders to make informed choices. As we continue to witness the proliferation of IoT devices in sectors like aviation, water treatment, and manufacturing, ensuring robust security measures is paramount. Let's leverage these new standards to fortify our digital defenses and safeguard our nation's infrastructure. #CISA #IPMeter #NIST80053

[Click for Article]

Advancing IoT Security: New Standards and Government Initiatives Shape the Connected Device Landscape

The proliferation of connected devices continues to reshape consumer habits, with the average person owning six devices, according to research from PYMNTS Intelligence. As smart home gadgets gain popularity, concerns over cybersecurity have surged, prompting major industry players like Amazon, Google, and Silicon Labs to back a new cybersecurity standard and certification program for connected devices. Announced by the Connectivity Standards Alliance (CSA), this initiative aims to streamline certification processes, ensuring compliance with international regulations and standards. The introduction of the Product Security Verified Mark and IoT Device Security Specification 1.0 seeks to instill trust in consumers regarding the security of their smart devices, reflecting a significant step forward in addressing cybersecurity concerns in the IoT landscape. Stay informed about the latest developments in #IoTsecurity and join the conversation.

The introduction of initiatives like the U.S. Cyber Trust Mark by the Federal Communications Commission (FCC) demonstrates a proactive approach to empowering consumers to make informed decisions about the devices they bring into their homes. These efforts not only enhance consumer confidence but also set higher cybersecurity standards for manufacturers, ultimately fostering a safer digital environment for all. Let's continue to prioritize cybersecurity and work together to ensure the security and privacy of connected devices in an increasingly interconnected world. #CISA #IPMeter #NIST80053

[Click for Article]

Hack of the Week (HOT-W)

Vulnerabilities found in IoT Smart Helmet

Recent findings have revealed concerning vulnerabilities in smart helmets, allowing hackers to eavesdrop on conversations and track users' locations. The helmets, manufactured by LIVALL, connect to a phone app via Bluetooth, providing location information and push-to-talk capabilities. However, inadequate security measures leave these devices susceptible to exploitation, with attackers able to join groups and access private conversations with minimal effort. The response to these vulnerabilities highlights the critical need for robust security standards in IoT devices. Stay informed about the latest developments in #IoTsecurity and prioritize the security of connected devices.

 

The discovery of vulnerabilities in smart helmets underscores the urgent need for heightened security standards in IoT devices. It's alarming to see such fundamental security flaws in products designed to enhance user experience. As a cybersecurity expert, I believe these findings highlight the critical importance of rigorous security testing and implementation of best practices in IoT device development. Manufacturers must prioritize security from the outset to mitigate risks and safeguard user privacy. The response to these vulnerabilities, though ultimately effective, raises questions about the initial design and testing processes specific to smart helmets. It's essential for manufacturers to adopt proactive security measures and prioritize user safety to prevent future exploits. Let's work together to ensure the security and integrity of smart helmets and other IoT devices in an increasingly interconnected world. #CISA #IPMeter

[Read the HOT-W]


March 14th Newsletter Content [Original Newsletter]

Subject: IPMeter- Mar 14, IMRON Conference, Security, IoT with 5G-400Gb/s Networks, Supply Chain, (HOTw)  QNAP Critical Vulnerability

IMRON Security Conference 5 June 2024

IMRON Corporation is hosting a Security and Safety Summit on June 5th, 2024 at SoFi Stadium (Inglewood, near LAX). Speakers, experts, and vendors will be present and covering topics including physical and cyber security. Speakers include Steve Kiss, IPMeter

I will be presenting at this event.  More info to follow.

[Click for Event Details]

[Flyer for Event (PDF)]

Interview with Fawzia from IMRON.

Thanks to the IMRON team for hosting my interview with Fawzia. As we continue to integrate on the UnityIS platform, it underscores that cyber and physical security really have the same underpinnings. Thanks to Fawzia for insightful questions. Physical security customers- contact IMRON to get your technology infrastructure posture as solid as your physical security. Relying on PoE, Ethernet, or Wi-Fi to perform your security tasks? It's time to think about how to protect those connected devices.

[Watch the Interview]

Addressing the Growing Concerns of IoT Security

The rise of Internet of Things (IoT) devices has brought convenience but also serious security concerns. Recent reports indicate a significant increase in DDoS attacks originating from IoT botnets, with more than 40% of DDoS traffic coming from these compromised devices. This surge in attacks highlights the urgent need for improved IoT security measures. Weaknesses such as outdated firmware, insecure networking, and default or hardcoded passwords make IoT devices vulnerable to exploitation by hackers. Unfortunately, many manufacturers prioritize cost over security, leaving consumers at risk. At IPMeter, we're dedicated to safeguarding critical infrastructure with our comprehensive IoT security solutions. Join us in addressing these challenges and ensuring a secure digital environment. #Iotsecurity #cisa #ipmeter #Cybersecurity #InfrastructureSecurity

The proliferation of IoT botnet attacks underscores the dire need for industry-wide action to enhance security standards. Manufacturers must prioritize security in the design and maintenance of IoT devices, rather than treating it as an afterthought. The prevalence of outdated firmware, insecure networking, and weak authentication mechanisms leaves our infrastructure vulnerable to devastating cyberattacks. It's imperative that consumers remain vigilant and demand more secure products from manufacturers. At IPMeter, we're committed to providing cutting-edge solutions to mitigate these risks and fortify our digital infrastructure against emerging threats. Let's work together to uphold the integrity and resilience of our critical systems. #Iotsecurity #cisa #ipmeter #Cybersecurity #InfrastructureSecurity

[Click for Article]

The IoT Revolution: Security Challenges in the Era of 5G and 400Gbps Networks

With the technological leap of IoT, we get the promise of swifter, more reliable connectivity, unlocking a realm of possibilities for enhanced automation and operational efficiency. Estimates suggest a staggering global count of connected devices, spanning diverse sectors from agriculture to transportation. Yet, amidst this exponential growth lies a pressing concern: cybersecurity. Forrester's report underscores the vulnerability of IoT devices to cyber threats, necessitating heightened security measures. As the IoT landscape evolves, organisations face the challenge of managing the complexity and diversity of connected devices, each posing a potential gateway for attacks. Join us in exploring the risks and opportunities of this IoT revolution, and let’s champion #IoTsecurity together.

As cybersecurity experts deeply invested in safeguarding our nation's critical infrastructure, we believe the value of the IoT revolution must be tempered with cautious optimism. The exponential growth of connected devices brings unprecedented opportunities for innovation across sectors like aviation, manufacturing, and water treatment. However, with opportunity comes risk, and the rapid expansion of IoT networks demands vigilant security measures. The introduction of legislation such as the UK’s PSTI Act is a step in the right direction, but it's incumbent upon organisations to prioritize cybersecurity. By embracing comprehensive security assessments, implementing robust practices like Zero-Trust Network Access, and fostering a culture of awareness, we can navigate the complexities of IoT expansion with confidence. At IPMeter, we're committed to protecting critical infrastructure. Let’s join forces to ensure a secure digital future. #CISA #IPMeter #NIST80053 #BuildingManagement

[Click for Article]

Safeguarding Medical IoT Devices: A Critical Imperative

Some insights on safeguarding medical IoT devices against cyber threats. As the integration of Internet of Medical Things (IoMT) devices continues to reshape healthcare, the need for robust cybersecurity measures is more critical than ever. Recent studies highlight the staggering costs of data breaches, underscoring the urgency for stringent security protocols. Explore how regulatory standards like the NIST Cybersecurity Improvement Act and IR 8259 Series are shaping the landscape, and learn about the evolving FDA guidelines aimed at securing medical devices throughout their lifecycle.  #IoTsecurity, #CISA, and #IPMeter.

In today's interconnected world, securing medical IoT devices isn't just a matter of compliance—it's a moral imperative. It's clear that the stakes couldn't be higher. Medical data, with its immense value to cybercriminals, poses not only financial risks but also threatens patient safety and privacy. The updated FDA guidelines and legislative measures like the Omnibus Act signal a step in the right direction, but there's still work to be done. From threat modeling to comprehensive lifecycle security, every aspect demands meticulous attention. At IPMeter, we're committed to safeguarding critical infrastructure. Let's collaborate to fortify our defenses and protect what matters most.

[Click for Article]

Fortifying IoT Supply Chain Security: A Call to Action

The Telecommunications Industry Association (TIA) has initiated a call for global organizations to join its Supply Chain Security Working Group to enhance the TIA SCS 9001 standard. With the exponential growth of connected devices, the absence of a universal standard poses a significant challenge. As the IoT ecosystem continues to expand, the need for comprehensive standards like SCS 9001 becomes increasingly apparent. The recent surge in cyberattacks targeting industries like manufacturing emphasizes the urgency of fortifying IoT devices against malicious actors. TIA's efforts to establish a global standard for IoT supply chain security align with our mission to provide tools and services that prioritize security, reliability, and availability. Let's collaborate to build a more resilient IoT landscape. Reach out to us at newsletter@ipmeter.net to learn more about how we can support your cybersecurity endeavors.

The evolution of IoT devices presents both unprecedented opportunities and grave cybersecurity challenges. TIA is taking a proactive approach in addressing the pressing issue of IoT supply chain security. The recent surge in cyberattacks across industries underscores the urgency to fortify our defense mechanisms. The introduction of initiatives like the U.S. Cyber Trust Mark program and the UK PSTI Regulation signifies a step in the right direction for the consumer side of the business. However, combating IoT vulnerabilities requires a comprehensive strategy encompassing not only consumer awareness but also stringent supply chain protocols. TIA's SCS 9001 standard offers a unified framework for the IoT landscape. #Cybersecurity #InfrastructureSecurity #IoTDefense #IPmeter

[Click for Article]

Hack of the Week (HOT-W)

Critical Vulnerability Reported in QNAP: Fortifying IoT Environments using QNAP Storage

An improper authentication issue has been found in QNAP storage systems. The critical vulnerability could compromise the security of the system via a network. According to QNAP, the issue impacts its QTS, QuTS hero, and QuTScloud products, essentially exposing network-attached storage (NAS) devices to unauthenticated access.

The recent disclosure of an improper authentication vulnerability in various QNAP operating system versions highlights the critical need for robust security measures, particularly in IoT environments dependent on QNAP storage solutions. It's imperative to recognize the potential impact of such vulnerabilities on OT departments that may use QNAP (edge storage/video storage) in #buildingManagement. Proactive measures, leveraging frameworks like #NIST80053 and IPMeter, are essential to fortify these IoT environments against emerging threats and ensure the resilience of our critical infrastructure.

At IPMeter, we are committed to protecting critical infrastructure, offering tools and services to support IoT environments reliant on QNAP storage solutions. Reach out to us at newsletter@ipmeter.net to schedule a demo.

[Read the HOT-W]


March 7th Newsletter Content [Original Newsletter]

Subject: IPMeter- Mar 7, IMRON Conference, Labeling, IT-OT Landscape, Challenges, (HOTw) EKEN Smart Cameras

IMRON Security Conference 5 June 2024

IMRON Corporation is hosting a Security and Safety Summit on June 5th, 2024 at SoFi Stadium (Inglewood, near LAX). Speakers, experts, and vendors will be present and covering topics including physical and cyber security. Speakers include Steve Kiss, IPMeter

I will be presenting at this event.  More info to follow.

[Click for Event Details]

[Flyer for Event (PDF)]

The Need for Mandatory Consumer Protections in IoT Security

The article discusses the Federal Communications Commission's (FCC) proposal to establish a voluntary labeling program for Internet of Things (IoT) products, aiming to address cybersecurity concerns.

Opinion: Making IoT Labeling Voluntary Is Not Sufficient for Consumer Safety. The recent proposal by the Federal Communications Commission (FCC) to establish a voluntary labeling program for Internet of Things (IoT) products, while a step in the right direction, does not adequately address the cybersecurity concerns of consumers. Voluntary programs can promote awareness, but in this case the program falls short in ensuring comprehensive protection for consumers. Look, I get the idea of letting people make their own decisions, but your Aunt Mary needs a way to simplify decision making around IoT devices; otherwise you know what you will be doing on Thanksgiving Day. Contact us today to discuss IPMeter. #Iotsecurity #CISA #IPMETER #cybersecurity #IoTvulnerabilities

[Click for Article]

Securing Converged Networks: Navigating the IT-OT Landscape: Why IT and OT are different

In the wake of Honda's recent malware attack, cybersecurity experts warn of the increasing threat to operational technology (OT) and IoT systems. The convergence of IT and OT networks presents new challenges for organizations, with cybercriminals leveraging this interconnectedness to launch ransomware attacks and infiltrate critical infrastructure. Unified security visions across IT and OT are valuable. However, execution often requires unique tools for different environments. #Iotsecurity #cisa #ipmeter

In the realm of securing critical infrastructure, it's imperative to recognize that while IT (Information Technology) and OT (Operational Technology) must share the same security goals, they often require different tools and techniques to achieve this vision effectively. This disparity arises from the fundamental differences in the nature of IT and OT systems, their operational priorities, and the unique challenges they face.

IT systems primarily focus on data confidentiality and integrity, prioritizing measures such as encryption and access control to protect sensitive information. In contrast, OT systems prioritize operational continuity and reliability, emphasizing measures like redundancy and fault tolerance to ensure uninterrupted production processes. This fundamental difference in priorities necessitates tailored security approaches that address the specific needs of each domain.

While the overarching security goals of IT and OT may align, the distinct nature of these domains necessitates tailored approaches that accommodate their unique operational requirements, technological constraints, and risk profiles. By recognizing these differences and investing in specialized tools and techniques, organizations can effectively secure both their IT and OT environments and mitigate the evolving cyber threats facing critical infrastructure.

[Click for Article]

Challenges of IoT Security

Discover the intricate challenges facing IoT security in our connected world. While IoT devices have revolutionized various sectors, their interconnectivity poses significant cybersecurity risks. Join us as we delve into the vulnerabilities inherent in IoT devices and explore strategies to safeguard against cyber threats. #IoTsecurity #CISA #IPMeter #Cybersecurity #DataPrivacy

The vulnerabilities stemming from inadequate security measures, lack of standardization, and risks in the supply chain underscore the urgent need for robust cybersecurity protocols. With expertise spanning airports, water treatment, and video surveillance, I emphasize the importance of strong authentication, regular patching, and user education in mitigating IoT security risks. Collaboration among stakeholders, including industry leaders, governments, and regulatory bodies, is essential to establish comprehensive security standards and protocols for IoT devices. By prioritizing cybersecurity and fostering collaboration, we can navigate the complexities of IoT security and ensure a safer digital landscape for all. #CybersecurityExpert #CriticalInfrastructure #SecurityStandards #IoTsecurity

[Click for Article]

Hack of the Week (HOT-W)

EKEN Smart Video Doorbell Camera, Chime Ringer and TuckSharkpop Doorbell- Security Issues

More IP video cameras and doorbells in the news for security flaws. Good test report from Consumer Reports.

Two vulnerabilities in this grab bag of OEM mistakes. 1. If you make a physical security product, don’t make it resettable from the insecure side without a physical barrier. C’mon, really, do we have to say that? 2. Oh, and in case you think being a security architect requires a big brain, how about not leaking the WiFi SSID in cleartext, without additional steps from the user. UGH.

[Read the HOT-W (PDF 20 pages) ]


February 29th Newsletter Content [Original Newsletter]

Subject: IPMeter- Feb 29, IMRON Conference, Wyze Cameras, Medical IoT, Live IoT Patching, (HOTw) DOJ/FBI Fix Infected Routers

IMRON Security Conference 5 June 2024

IMRON Corporation is hosting a Security and Safety Summit on June 5th, 2024 at SoFi Stadium (Inglewood, near LAX). Speakers, experts, and vendors will be present and covering topics including physical and cyber security. Speakers include Steve Kiss, IPMeter

I will be presenting at this event.  More info to follow.

[Click for Event Details]

[Flyer for Event (PDF)]

Navigating IoT Security Challenges: Insights from Industry Experts

Half of all IT leaders believe IoT is the weakest link in their security efforts, highlighting the urgent need for effective risk mitigation strategies. Explore critical insights into the state of IoT security, including the prevalence of cyber incidents and the challenges in addressing vulnerabilities. Gain valuable perspectives from industry experts on the importance of implementing the right technology stack and multifaceted approaches to safeguard organizational assets. Don't miss out on the latest strategies for navigating IoT security challenges! #Iotsecurity #CISA #IPMETER #cybersecurity #IoTvulnerabilities

The study's findings underscore the pressing need for organizations to prioritize IoT security measures. It's concerning that half of all IT leaders view IoT as the weakest link in their security efforts, indicating the need for a paradigm shift in cybersecurity strategies. Addressing IoT vulnerabilities requires a multifaceted approach, encompassing agentless security solutions, regular risk assessments, and zero-trust frameworks. Moreover, fostering collaboration with trusted vendors and leveraging real-world case studies are essential for building awareness and driving informed decision-making at the executive level. Contact us today to discuss IPMeter. #Iotsecurity #CISA #IPMETER #cybersecurity #IoTvulnerabilities

[Click for Article]

Verizon Partners with KDDI to Power Sony Honda Mobility's Electric Vehicles in North America

Verizon and KDDI to provide connectivity for Sony Honda Mobility's upcoming electric vehicles in North America. Scheduled for launch in 2025, the AFEELA line of electric vehicles will feature advanced telematics, AI capabilities, and connected features powered by Verizon's LTE and 5G connectivity. Through a long-term partnership with KDDI, Verizon will deliver seamless connectivity for in-car communications and mobility features, shaping the future of transportation with software-defined electric vehicles. Don't miss the opportunity to learn more about this groundbreaking initiative at the intersection of IoT connectivity and automotive innovation! #IoTconnectivity #automotive #Verizon #KDDI #SonyHondaMobility

Verizon's collaboration with KDDI to power Sony Honda Mobility's electric vehicles marks a significant milestone in the evolution of transportation. The integration of LTE and 5G connectivity into the AFEELA line of electric vehicles represents a move to a mainstream, always-connected, software-defined future of mobility. This partnership highlights the importance of consistent connectivity for next-generation vehicles and underscores the role of advanced telematics and AI capabilities. We have seen some connectivity platforms from Tesla, but those applications are cloaked in BETA walls; Honda likely will introduce applications that are runtime. That may be a EULA detail to some, but that starts to make this mainstream. #IoTconnectivity #automotive #Verizon #KDDI #SonyHondaMobility

[Click for Article]

Apache TsFile Reaches: Mainstreaming Time Series Data Storage

Interesting advancements in time series data storage with the release of TsFile 1.0, a columnar storage file format designed for IoT connectivity and data processing. Developed as part of the Apache IoTDB time-series database, TsFile offers advanced compression, high throughput, and seamless integration with processing tools like Apache Spark and Flink. #IoTconnectivity #Apache #TsFile #datastorage

IoT connectivity sometimes means small data over big pipes, but other times it's vast amounts of data over barbed wire infrastructure. For those in the latter camp (pipelines and wind farms come to mind), the evolution of TsFile represents a significant leap forward in addressing the unique challenges of time series data storage and processing. By providing a unified file format tailored specifically for time series data, TsFile streamlines data collection, processing, and analysis, offering unparalleled efficiency and performance. Its integration capabilities with Apache IoTDB and other systems enable seamless data management across diverse applications, from IoT devices to smart control systems. #IoTconnectivity #Apache #TsFile #datastorage

[Click for Article]

The Potential of Enterprise IoT: Transforming Business Operations

Enterprises face numerous challenges in today's digital age, from operational inefficiency to security vulnerabilities and high energy costs. However, the rise of Enterprise IoT presents unprecedented opportunities to revolutionize operational frameworks, elevate decision-making processes, and ensure sustainable development. With the global enterprise IoT market expected to reach $1.42 billion by 2030, organizations are increasingly leveraging IoT technologies to drive growth and efficiency. #EnterpriseIoT #DigitalTransformation #BusinessInnovation #OperationalEfficiency

This is a solid article on the case for organizational IoT. IPMeter supports IoT installations with cybersecurity and performance tools to help ensure success. That success does start with a plan as well as an open-eyed view to IoT challenges. This is a very solid article that is good reading for those considering large scale deployments. #EnterpriseIoT #DigitalTransformation #BusinessInnovation #OperationalEfficiency #iotsecurity #IPMeter

[Click for Article]

Hack of the Week (HOT-W)

Ransomware Attack on Epic Games

Breaking news has emerged regarding a potential ransomware attack targeting Epic Games, the publisher of Fortnite, by a little-known hacking group named Mogilevich. While the authenticity of the hack is yet to be verified by Cyberdaily, the group has reportedly posted details on its darknet leak site, claiming to possess nearly 200GB of sensitive data including emails, passwords, payment information, and source code.

Do you have a Fortnite account? Time to enable 2FA, roll your password, and make sure it's not a shared password.

[Read the HOT-W]


February 22nd Newsletter Content [Original Newsletter]

Subject: IPMeter- Feb 22, IMRON Conference, Wyze Cameras, Medical IoT, Live IoT Patching, (HOTw) DOJ/FBI Fix Infected Routers

IMRON Security Conference 5 June 2024

IMRON Corporation is hosting a Security and Safety Summit on June 5th, 2024 at SoFi Stadium (Inglewood, near LAX). Speakers, experts, and vendors will be present and covering topics including physical and cyber security. Speakers include Steve Kiss, IPMeter

I will be presenting at this event.  More info to follow.

[Click for Event Details]

[Flyer for Event (PDF)]

Exposed: Chinese Government's Vast International Hacking Effort

Extraordinary information released from a GitHub leak: China's state-sponsored cyberattacks on foreign governments, Apple, Microsoft and others. Those documents were leaked onto GitHub by I-Soon. #Iotsecurity #CISA #IPMETER #cyberespionage #China #GitHubLeak

This leak posted to GitHub underscores the persistent threat posed by state-sponsored cyberattacks and the imperative for robust cybersecurity defenses. Cyber adversaries challenge us daily (just read your log files); however, every once in a while you get a peek at the really big stuff. It's essential for governments and organizations to enhance collaboration and bolster cybersecurity measures to safeguard against cyber-espionage activities. Let's use this incident as a catalyst for strengthening our cybersecurity posture. #Iotsecurity #CISA #IPMETER #cyberespionage #China #GitHubLeak

[Click for Article]

13,000 Wyze security camera users granted access to strangers' camera feeds due to a service outage

Thousands of Wyze security camera users found themselves viewing strangers' feeds due to a service outage. This incident underscores the importance of robust security measures in the era of connected technology. Learn how to protect your devices and infrastructure from similar breaches with expert insights and tips. #Iotsecurity #CISA #IPMETER #cybersecurity #WyzeBreach

Infrastructure incidents like the Wyze security breach highlight the urgent need for enhanced security protocols. Home security cameras play a vital role in protecting our homes, but they also pose significant risks if not properly secured. From unauthorized access to potential privacy breaches, the implications of such incidents are profound. It's imperative for manufacturers and users alike to prioritize security measures to prevent future breaches and safeguard our privacy and safety. Let's leverage this incident as a learning opportunity to strengthen our security practices and ensure the integrity of our interconnected world. #Iotsecurity #CISA #IPMETER #cybersecurity #WyzeBreach

[Click for Article]

[Additional Details on Breach]

The Future of Medical Device Security: Insights and Initiatives

Discover the latest regulatory initiatives shaping the future of medical device security in 2024 and beyond. With the U.S. National Cybersecurity Strategy and other legislative efforts, there's a proven roadmap for ensuring the safety and security of connected medical devices. Dive into the key challenges and opportunities in securing the Internet of Medical Things (IoMT) and learn how to navigate compliance requirements effectively. Don't miss out on safeguarding tomorrow's healthcare innovations! #Iotsecurity #CISA #IPMETER #medicaldevicesecurity #IoMT

This is a well-researched article on Medical IoT. The best part of the article is some background data I have not seen before (I did click on the links to see if this was true). 3.2 years between exposure and patch! Whaatt? Or a NATURE study that found that medical devices purchased by national health services worldwide have nearly 700 vulnerabilities, more than half defined as “critical” or “high-severity.” #Iotsecurity #CISA #IPMETER #medicaldevicesecurity #IoMT

[Click for Article]

The Evolution of IoT Live Patching

As the IoT landscape expands, so do the risks associated with unpatched devices. Review IoT live patching  methods to stay ahead of cyber threats.  #Iotsecurity #CISA #IPMETER #cybersecurity #IoTlivepatching

We believe that IoT live patching is a crucial advancement in safeguarding connected devices. The risks posed by unpatched IoT devices extend beyond individual devices, impacting users, networks, and entire ecosystems. With real-time updates and automated patching solutions, organizations can effectively mitigate these risks and enhance device resilience. #Iotsecurity #CISA #IPMETER #cybersecurity #IoTlivepatching

[Click for Article]

Navigating IoT Security Compliance: Safeguarding the Digital Realm

IoT Security Compliance: exploring the guidelines shaping the future of connected devices. As IoT becomes ubiquitous across industries, adherence to security standards is paramount. Learn why compliance isn't just a best practice but a necessity to safeguard our interconnected world. Discover key components and challenges of IoT Security Compliance in this insightful journey. #Iotsecurity #CISA #IPMETER #cybersecurity #IoTstandards

In today's interconnected world, IoT Security Compliance isn't merely a checkbox; it's a vital shield protecting our digital infrastructure. As someone deeply invested in securing critical sectors like airports, water treatment, and video surveillance, I recognize the imperative of robust security measures. Neglecting compliance opens the floodgates to data breaches, unauthorized access, and legal consequences. It's time for organizations to prioritize, invest, and implement IoT Security Compliance measures to fortify our digital future. Collaboration, continuous education, and leveraging technology solutions are the cornerstones of success in this dynamic cybersecurity landscape. Let's embark on a journey to safeguard our interconnected world and pave the way for a smarter, safer future. #Iotsecurity #CISA #IPMETER #cybersecurity #IoTstandards

[Click for Article]

Hack of the Week (HOT-W)

Ubiquiti Routers infected by Russians, DOJ/FBI jumps in

"Operation Dying Ember" is a court-authorized initiative aimed at neutralizing a network of compromised routers exploited by GRU Military Unit 26165 for cyber espionage activities. Leveraging the Moobot malware, the GRU repurposed routers to facilitate vast spearphishing campaigns against government, military, and corporate targets. The operation, led by the FBI and supported by international partners, underscores the ongoing efforts to combat cyber threats and safeguard critical infrastructure. Stay informed about cybersecurity measures to protect against similar malicious activities. #Iotsecurity #CISA #IPMETER #cybersecurity #GRU #OperationDyingEmber

Operation Dying Ember underscores the persistent threat posed by state-sponsored cyber actors like the GRU and the critical need for proactive cybersecurity measures. We need to recognize the significance of disrupting malicious activities targeting routers, which serve as gateways to sensitive networks. This operation not only mitigates immediate risks but also highlights the importance of collaboration between law enforcement agencies, government entities, and private sector partners in defending against cyber threats. Moving forward, continuous vigilance and proactive defense strategies will be essential in safeguarding our nation's digital infrastructure against evolving threats. #Iotsecurity #CISA #IPMETER #cybersecurity #GRU #OperationDyingEmber

[Read the HOT-W]


February 15th Newsletter Content [Original Newsletter]

Subject: IPMeter- Feb , Airbus EFB Hacking, IoT Integration, Prioritizing Cybersecurity, IoT and OT Convergences, HOTw

Navigating IoT Security Regulations: Insights into PSTI, CRA, and the US Cyber Trust Mark

Amidst widespread discussions on IoT security, governments are rolling out new regulations to enhance the resilience of interconnected devices. From the UK's PSTI Act to the EU's Cyber Resilience Act and the US Cyber Trust Mark, businesses must navigate evolving compliance requirements to secure their IoT infrastructure. Stay informed about upcoming regulations and ensure your IoT devices meet the necessary standards. #IoTsecurity #CISA #IPMETER #cybersecurity #regulations #PSTI #CRA #USCyberTrustMark

The emergence of regulations like the PSTI Act, Cyber Resilience Act, and the US Cyber Trust Mark signifies a crucial step towards bolstering IoT security. These measures not only impose stricter requirements on manufacturers but also empower consumers with greater transparency and control over the security of their IoT devices. By investing in compliance and embracing a 'secure by design' approach, businesses can foster a safer and more resilient IoT ecosystem while mitigating the risks associated with cyber threats. Compliance with these regulations not only ensures legal adherence but also reflects a commitment to accountability and consumer trust, ultimately contributing to a more secure digital future. #IoTsecurity #CISA #IPMETER #cybersecurity #regulations #PSTI #CRA #USCyberTrustMark

[Click for Article]

Asimily Report Flags IoT Security Risks: Neglecting Vulnerabilities Comes with a Price

As IoT adoption surges, a new report by Asimily warns of the escalating cybersecurity threats targeting unsecured connected devices. The report, titled ‘IoT Device Security in 2024: The High Cost of Doing Nothing,’ underscores the urgent need for enterprises to bolster their IoT security measures to thwart cyber attacks. #IoTsecurity #CISA #IPMETER #cybersecurity

Working in infrastructure security, it's evident that the findings of Asimily's report underscore the critical importance of robust IoT security measures. The prevalence of outdated vulnerabilities and the targeting of essential sectors like hospitals, manufacturers, and government agencies emphasize the urgent need for proactive risk management strategies. We understand the gravity of leaving IoT devices unsecured. It not only exposes sensitive data but also poses significant operational and reputational risks. Enterprises must prioritize investments in IoT security tools and implement comprehensive risk management strategies to safeguard critical infrastructure effectively. Neglecting these vulnerabilities is not an option if we aim to ensure the resilience and security of our nation's vital systems. #cybersecurity #IoTsecurity #CISA #criticalinfrastructure

[Click for Article]

Your tax dollars at work. The NIST National Cybersecurity Center of Excellence.

Explore the collaborative efforts of the NCCoE in addressing IoT security challenges through industry partnerships, government support, and academic contributions. Stay updated on the latest cybersecurity initiatives and regulatory developments shaping the future of IoT security. #IoTsecurity #CISA #IPMETER #cybersecurity #NCCoE

The work of the NCCoE highlights the importance of collaboration in addressing complex cybersecurity challenges, particularly in securing IoT devices across critical infrastructure sectors. As someone deeply involved in securing critical infrastructure and as a team providing content to NIST 800-53R3, we recognize the significance of cross-sector partnerships in developing robust cybersecurity solutions. By leveraging expertise from industry, government, and academia, initiatives like those at the NCCoE play a crucial role in strengthening the resilience of our nation's IoT ecosystem. As regulatory frameworks continue to evolve, collaborative efforts will remain essential in safeguarding against emerging cyber threats and ensuring the security and integrity of our nation's critical infrastructure. #IoTsecurity #CISA #IPMETER #cybersecurity #NCCoE

[Click for Article]

Hack of the Week (HOT-W)

Apple- First Security Update for Vision Pro VR Headset

Apple has issued the inaugural security update for its latest Vision Pro virtual reality headset, coinciding with a cautionary advisory from the US cybersecurity agency CISA regarding an iOS vulnerability. The update targets CVE-2024-23222, a WebKit flaw that enables arbitrary code execution through specific web content, addressing potential security risks for Vision Pro users. Stay informed about the latest security updates for your VR experience. #IoTsecurity #CISA #IPMETER #cybersecurity #Apple #VisionPro

It's essential to note the significance of Apple's prompt response to potential security vulnerabilities in its Vision Pro VR headset. The convergence of IoT devices and cutting-edge technologies like VR necessitates robust security measures to mitigate risks effectively. While the specific vulnerability addressed may not have been exploited against VR headsets, the interconnected nature of digital ecosystems underscores the need for proactive security practices. This instance serves as a reminder that even futuristic technologies like VR are not immune to cybersecurity threats and highlights the importance of continuous monitoring and rapid patching to safeguard against potential exploits. #cybersecurity #IoTsecurity #CISA #VisionPro #Apple

[Read the HOT-W]


February 8th Newsletter Content [Original Newsletter]

Subject: IPMeter- Feb , Airbus EFB Hacking, IoT Integration, Prioritizing Cybersecurity, IoT and OT Convergences, HOTw

Airbus EFB Hacking Threat: Safeguarding Airplane Safety in the Digital Age!

Don't Miss: Cybersecurity Threat to Airplane Safety Exposed! Learn how a potential risk to aircraft safety was uncovered when an Airbus suite of applications for pilot electronic flight bags (EFB) was hacked. Discover the critical security flaw that could have had severe consequences for airplane operations and passenger safety. Stay informed to protect against cyber threats in aviation and critical infrastructure!  #Iotsecurity #CISA #IPMeter #AirplaneSafety #CyberSecurity

I find the recent revelation of the hacking threat to Airbus EFB (electronic flight bag) applications troubling. The potential consequences of such a security breach extend far beyond mere data compromise; they directly impact safety. The disabling of App Transport Security (ATS) in the Flysmart+ application represents a significant oversight. Did I understand the dates in this article correctly, that the hole was found in June 2022 and not fixed until May 2023? If I count with my fingers and toes, that is 11 months this was in the wild. I don't know much about the Airbus EFB, but looking at my personal tool, FLYQEFB... it provides runway data, calculates my weight and balance and identifies obstruction heights. That's a lotta stuff to rely on.

[Click for Article]

Navigating the Future of Retail: IoT Integration and Security

Dive into the Future of Retail: IoT Integration and Security! 🔒 Discover how retailers are leveraging Internet of Things (IoT) assets to revolutionize operations, from supply chain optimization to inventory management. With the global IoT retail market projected to soar to $42.5 billion by 2030, the convergence of IT and operational technology (OT) networks presents both opportunities and challenges. Explore the crucial role of OT assessments in fortifying retail cybersecurity and mitigating the risks associated with IoT integrations. Stay ahead of the curve in securing your organization! 🌐🔐 #Iotsecurity #CISA #IPMeter #RetailTech #CyberSecurity

I find the integration of Internet of Things (IoT) assets into enterprise management systems both promising and concerning. While IoT innovations offer unparalleled opportunities for retailers to enhance operations and customer experiences, they also introduce complex security challenges. An OT assessment equips retailers with invaluable insights into their current OT landscape, enabling them to identify and address security gaps effectively. By bridging the IoT security divide, retailers can ensure the seamless operation of integrated technologies while mitigating cyber risks and safeguarding business continuity. At IPMeter, we are committed to empowering retailers with robust cybersecurity solutions tailored to their specific needs, ensuring resilience and security in an increasingly digital retail landscape. Let's navigate the future of retail together, safeguarding against cyber threats every step of the way!

[Click for Article]

Securing Success in the IoT Era: Prioritizing Cybersecurity!

Uncover the Key to Success in the IoT Era: Security First! 💼💻 The Internet of Things (IoT) brings unparalleled connectivity, revolutionizing operations across industries. But addressing these concerns is crucial for safeguarding sensitive information and maintaining customer trust. Dive into the significance of IoT security for businesses and unlock the strategic imperative of prioritizing cybersecurity in the interconnected landscape of IoT. Stay ahead of the curve and safeguard your organization’s future! 🛡️🌐 #Iotsecurity #CISA #IPMeter #CyberSecurity #BusinessStrategy

As a cybersecurity expert deeply invested in ensuring the resilience of critical infrastructure across industries like healthcare, finance, and manufacturing, I emphasize the CIA triad—confidentiality, integrity, and availability—so that organizations can fortify their IoT ecosystems against potential threats while upholding data privacy, reliability, and accessibility. At IPMeter, we are committed to empowering organizations with cutting-edge solutions and expertise to safeguard their IoT deployments and thrive in the digital age. Let’s secure success together in the dynamic landscape of the Internet of Things! 🔒💼💡

[Click for Article]

Navigating IoT and OT Convergence: Challenges and Solutions

Unlocking the Potential of IoT and OT Convergence: Challenges and Solutions 🌐🔒 The fusion of Internet of Things (IoT) and Operational Technology (OT) is reshaping industries, from manufacturing to energy. Challenges like cybersecurity vulnerabilities, data integration hurdles, and infrastructure limitations must be addressed.  Discover the benefits of IoT visibility in critical infrastructure environments and the ongoing commitment required to ensure secure and efficient operations. Embrace the future of interconnected industrial ecosystems with confidence and resilience! 💡🛠️ #IoT #OT #Cybersecurity #NetworkVisibility #DigitalTransformation

IoT heralds both promise and peril. The transformative potential of IoT and OT integration promises unparalleled operational efficiency and data-driven decision-making. However, the journey is fraught with challenges, from cybersecurity vulnerabilities inherent in legacy ICS ecosystems to the formidable task of bridging data integration gaps. Infrastructure limitations further compound the complexity, demanding modernization and scalability.  By embracing proactive threat detection, swift incident response, and continuous security reinforcement, organizations can fortify their defenses and harness the full potential of IoT-OT convergence. Reach out to schedule a demo of IPMeter. 🛡️🔍 #CyberDefense #SecurityStrategy #IoTVisibility #OTSecurity #DigitalResilience

[Click for Article]

Hack of the Week (HOT-W)

Critical Vulnerabilities Exposed: EZVIZ IoT Cameras at Risk!

Stay Alert: Major Vulnerabilities Found in EZVIZ IoT Cameras! 🛑💻 Critical vulnerabilities were found in five EZVIZ IoT camera models, potentially granting threat actors unauthorized access to video feeds. These vulnerabilities, including stack-based buffer overflow, insecure direct object reference, and encryption key theft, pose grave security risks. Affected models range from CS-CV248 to CS-C3W-A0-3H4WFRL. Learn how these vulnerabilities could compromise your security and what steps EZVIZ is taking to mitigate the risk. Stay vigilant and protect your IoT devices from exploitation! 🔒🔍 #IoTsecurity #CyberThreats #Bitdefender #EZVIZ #SecurityUpdate

This is the weekly theme for IP cameras: these exploits not only jeopardize the privacy and security of users but also expose them to potential cyberattacks. These flaws, if exploited, could enable threat actors to remotely control the cameras, access sensitive video feeds, and compromise the integrity of affected devices. While EZVIZ has begun issuing security updates to address these vulnerabilities, the incident underscores the pressing need for rigorous security testing and proactive risk management in the IoT ecosystem. At IPMeter, we are committed to empowering organizations and individuals with the tools and expertise needed to mitigate IoT security risks effectively. Let's work together to safeguard against emerging threats and ensure the resilience of IoT infrastructure in an increasingly connected world. 🛡️🌐

[Read the HOT-W]

February 1st Newsletter Content [Original Newsletter]

Subject: IPMeter- Feb 1, Hacked feeds on Telegram, IoT in Hotels, OMB- not meeting IoT standards, HOTw

OMB: Few agency policies met standards for IoT Security

Federal IoT Security: The OMB assesses agency policies, revealing gaps in addressing federally mandated cybersecurity requirements for IoT devices. Learn how the government is working to align policies with NIST guidelines and enhance security.

[Click for Article]

Securing Tomorrow's Connectivity: Strategies for Building Resilient Time-Sensitive IoT Networks

Unlocking the Secrets of Resilient Time-Sensitive IoT Networks! Discover the critical strategies and best practices for fortifying IoT networks against cyber threats. From TSN standards to encryption, get insights to ensure uninterrupted service.  #IoTsecurity #CISA #IPMeter #CyberResilience

[Click for Article]

Smart Hospitality: A Deep Dive into the Transformative Power of IoT in Hotels

Elevate the Hotel Experience with IoT! Explore the practical applications revolutionizing hospitality – from personalized guest settings to operational efficiency. Join us on this tech-forward journey and stay ahead in the competitive hotel industry.  #IoTsecurity #CISA #IPMeter #SmartHospitality

[Click for Article]

Securing the Road Ahead for Electric Vehicles and Charging Stations

Embrace the Future of E-Mobility Safely! Explore how IoT technology in Electric Vehicles (EVs) and charging stations propels sustainability. Dive into potential vulnerabilities and discover proactive measures for robust cybersecurity.  #IoTsecurity #CISA #IPMeter #EVs #SmartMobility

[Click for Article]

Decoding Concerns: Americans Fear Smart Home Device Hacking – Unveiling Risks and Solutions

1 in 3 Americans Worried About Smart Home Devices Being Hacked! Explore the top concerns, including Amazon Echo and security cameras. Dive into the risks of hacking, identity theft, and privacy invasion. Assess device security and learn why education from vendors is crucial.  #IoTsecurity #CISA #IPMeter #SmartHome #TechPrivacy

[Click for Article]

Hack of the Week (HOT-W)

Exposed: Hacked camera feeds for sale on Telegram

Privacy Alert: Hacked Bedroom Cameras Sold for $16 on Telegram!  Background on camera feeds available for purchase on Telegram along with mitigation steps to protect yourself.  Learn crucial tips on securing your security cameras from hackers. #IoTsecurity #CISA #IPMeter #PrivacyAlert #CyberSecurity

[Read the HOT-W]

January 24th Newsletter Content [Original Newsletter]

Subject: Jan 24, 420 Attacks in 2023, IoT Risks, Innovations IoT 2028, Cyber Trust Mark, Insurance, HOT-W

2023 Year in Review: 420 Million Attacks on Critical Infrastructure

Forescout Research records 420 million attacks on critical infrastructure, revealing alarming trends.  Some good insights on software exploits, IoT vulnerabilities, OT protocols, malware families, and threats across 163 countries. Discussion of cybersecurity with proactive strategies.  #IoTsecurity #CISA #CyberThreats #CriticalInfrastructure #Cybersecurity

[Click for Article]

Unlocking Cyber Insurance Insights for 2024: Trends, Challenges, and Growth Opportunities

Navigating the Cyber Insurance Landscape: What to Expect in 2024-  Latest insights on cyber insurance trends, as experts predict a shift in premium costs. Discussion of rising cyber threats on insurance claims and the potential increase in rates. Use #ipmeter to safeguard your business in the evolving cybersecurity landscape. #CyberInsurance #RiskManagement #SecurityTrends #iotsecurity

[Click for Article]

U.S. Cyber Trust Mark: Navigating the Future of IoT Security

Enhancing IoT Security: Unveiling the U.S. Cyber Trust Mark: President Biden's Executive Order brings a new era of IoT security, introducing a consumer-friendly Cyber Trust Mark.  Read how NIST guidelines and certifications shape the future of IoT product security. Stay ahead with #Iotsecurity and explore the U.S. Cyber Trust Mark's impact on the industry.  #CISA #IPMeter #CybersecurityInnovation

[Click for Article]

Understanding open source security risks in IoT applications

The Internet of Things (IoT) is reshaping industries, but open-source software comes with security risks. Dive into the world of #IoTsecurity and discover the key steps to fortify your IoT deployments against potential threats. Discussion on how to secure your IoT ecosystem with insights on vulnerabilities, dependency chains, and the importance of open-source security practices. Stay ahead with #CISA guidelines and safeguard the future of connected devices. #OpenSourceSecurity #CyberSecurity #TechInnovation

[Click for Article]

Exploring IoT Innovations in 2024: Security, Efficiency, and Sustainability

The Future of IoT in 2024: latest insights from MicroHackers on how IoT is reshaping our world. Discussion of AI, edge computing, blockchain, and more on IoT security and efficiency. Explore the innovations shaping our connected future. #IoTsecurity

[Click for Article]

Hack of the Week (HOT-W)

GnuTLS CVSS Score 7.5 (High)

A vulnerability was found in GnuTLS, where Cockpit (which uses GnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

[Read the HOT-W]

January 18th Newsletter Content [Original Newsletter]

Subject: IPMeter- Jan 18, IoT 5 Mistakes, IoT 2028 Forecast, EU Signs onto IoT Label Plan, HOT-W

IoT Security: Avoid These 5 Mistakes

Avoid common pitfalls like neglecting hardware's security support and failing to enforce encryption. Don't let simple passwords compromise your IoT systems—implement strong passwords and embrace two-step authentication. Educate employees on cybersecurity importance and, crucially, always back up data. Embrace the benefits of IoT by securing your systems and avoiding these key mistakes for a thriving and innovative business. #IoTSecurity #BusinessInnovation

[Click for Article]

IoT Node and Gateway Global Market Forecast Report 2028: Connectivity ICs Emerge as Predominant Segment, with Consumer Electronics Showing Rapid Advancement

Latest financial forecast on IoT Market.  Summary: Valued at USD 672.11 Million in 2022, the market is poised for a remarkable 15.19% CAGR up to 2028, revolutionizing global connected device communication. Key drivers include IoT device proliferation, edge computing demand, industrial IoT adoption, 5G technology, and a focus on data security.  #IoTMarket #Innovation #TechTrends

[Click for Article]

EU signs on to IoT safety label plan

Exciting developments in cybersecurity! The Biden administration's plan to introduce a labeling scheme for connected devices, ensuring the cybersecurity of IoT products, is gaining international momentum. The U.S. and the European Union have signed an agreement on a joint roadmap for a consumer labeling program, aiming to enhance consumer safety and protect critical infrastructure. This initiative, part of the 2021 cybersecurity executive order, involves a cyber trust mark on smart device packaging, akin to the Energy Star label for energy efficiency. Anticipated to be finalized by the end of 2024, this labeling system will empower consumers to make informed, cyber-safe choices. #Cybersecurity #IoT #TechPolicy

[Click for Article]

Hack of the Week (HOT-W)

How the Humble Bolt meets critical cyber infrastructure.

It's concerning that such incidents persist. In our interconnected world, where devices are equipped with WiFi, Bluetooth, or cellular connections, it's crucial to regularly test them using a vulnerability scanner. As both a mechanic and a pilot, I've admired the state-of-the-art wrench extensively utilized in aerospace and car manufacturing. If precision in bolt tightness is paramount—whether working at Boeing, Beechcraft, Cirrus, Audi, Tesla, or Lucid—routine torque wrench calibration is a norm. For those using network-connected wrenches, particularly for logging purposes, incorporating cyber testing becomes imperative. Despite the recent Door Plug-gate controversy, the act of tightening a simple bolt remains a foundational element in critical infrastructure.

[Read the HOT-W]

[Read the HOT-W (Alternate Link)]

January 11th Newsletter Content [Original Newsletter]

Subject: IPMeter- Jan 11, Embed Linux IoT, Anti-drone systems, 30 IoT Questions, IoT Healthcare, HOT-W

Embedded Linux IoT Security: Defending Against Cyber Threats

Securing the Future: Fortifying Embedded Linux IoT Systems Against Cyber Threats with Containers, Hardware Security, and Proactive Strategies

[Click for Article]

A guide to anti-drone systems: Protecting against evil aerial intruders

"Guarding the Skies: The Rise of Anti-Drone Systems to Safeguard Against Emerging Threats – A Comprehensive Exploration of Technology, Functionality, and Customizable Configurations"

[Click for Article]

Top 30 IoT interview questions and answers for 2024

Great set of IoT Interview Questions

[Click for Article]

IoT – The key to connected care excellence

Elevating Patient Security: Navigating Challenges in the Internet of Medical Things (IoMT)

[Click for Article]

Hack of the Week (HOT-W)

China forensic firm cracks Apple’s AirDrop to help Beijing police track senders

Beijing forensics firm hired by the Beijing government to crack Apple AirDrop. The crack was successful, but new AirDrops will be time limited.

[Read the HOT-W]
